GeoNetAgent, LDAPWeb, server-audit, server-connection
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

62 lines
2.0 KiB

<?php
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Api\Concerns\RespondsWithJson;
use App\Http\Controllers\Controller;
use App\Services\AuditLogService;
use App\Services\LdapAuthService;
use App\Services\LdapJwtService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
class AuthController extends Controller
{
use RespondsWithJson;
public function __construct(
private readonly LdapAuthService $ldapAuth,
private readonly LdapJwtService $ldapJwt,
private readonly AuditLogService $audit
) {
}
public function login(Request $request): JsonResponse
{
$credentials = $request->validate([
'username' => ['required', 'string', 'max:100'],
'password' => ['required', 'string', 'max:255'],
]);
$user = $this->ldapAuth->attempt($credentials['username'], $credentials['password']);
if ($user === null) {
$this->audit->logPublic('api.v1.auth.login.failed', $credentials['username'], $request, [
'username' => $credentials['username'],
]);
return $this->fail('Invalid LDAP credentials.', 'invalid_credentials', 401);
}
$profile = $this->ldapAuth->lookupUser($user['username']);
$groups = $profile['groups'] ?? [];
$token = $this->ldapJwt->issue($user['username'], $user['is_admin'], $groups);
$this->audit->logPublic('api.v1.auth.login', $user['username'], $request, [
'username' => $user['username'],
'is_admin' => $user['is_admin'],
]);
return $this->ok([
'access_token' => $token,
'token_type' => 'Bearer',
'expires_in' => config('api.ldap_jwt_ttl'),
'auth_type' => 'ldap_jwt',
'user' => [
'username' => $user['username'],
'display_name' => $user['display_name'],
'is_admin' => $user['is_admin'],
],
]);
}
}